Microsoft Authenticator

If the PC breaks, the Microsoft account itself remains secure. Device loss does not by itself compromise the account, because sign-in is protected by the configured authentication methods (for example, Microsoft Authenticator, SMS, email codes, Windows Hello, or security keys).

If the phone with Microsoft Authenticator is lost or replaced, the account is still secure, but the old device should be removed as an authentication method:

1. Sign in to the Microsoft account dashboard from a device where sign-in is still possible and go to Security > Advanced security options.
2. Under Ways to prove who you are, find the entry that corresponds to the old device (for example, Send sign-in notification with that device name).
3. Expand it and select Remove so that notifications no longer go to the lost phone.

If access to the Authenticator app is temporarily unavailable, other configured methods (SMS, email codes, Windows Hello, security keys) can still be used to sign in. If two-step verification is turned on, two recovery methods are required.

To sign in from a friend’s PC:

1. Go to the usual Microsoft sign-in page.
2. Enter the Microsoft account email and password (or use passwordless sign-in if the account is configured that way).
3. When prompted for verification, choose one of the available methods other than the lost phone (for example, SMS code, email code, Windows Hello, or a physical security key).

If the account has been made passwordless, sign-in must use one of the configured passwordless methods such as Microsoft Authenticator, Outlook for Android, Windows Hello, SMS codes, or physical security keys. If the only method was the lost phone and no other methods are available, recovery steps from the security page are required, or a password can be added back to the account once access is regained.

References:

• How to go passwordless with your Microsoft account
• How to help keep your Microsoft account secure
• Microsoft Authenticator FAQs